From owner-freebsd-security Sun Jul 2 5:11: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from outblaze12.outblaze.com (209.249.164.196.outblaze.com [209.249.164.196]) by hub.freebsd.org (Postfix) with SMTP id 8DCA737BBB1 for ; Sun, 2 Jul 2000 05:10:58 -0700 (PDT) (envelope-from openzero@bsdmail.com)
Received: (qmail 61752 invoked by uid 1001); 2 Jul 2000 12:10:57 -0000
Message-ID: <20000702121057.61751.qmail@bsdmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
X-Mailer: MIME-tools 4.104 (Entity 4.117)
From: openzero@bsdmail.com
To: security@freebsd.org
Date: Sun, 02 Jul 2000 13:10:57 +0100
Subject: Firewall and FTPD
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi!

Well, after configuring FreeBSD-2.2.8-RELEASE + KAME-20000425-STABLE, I set up my firewall! There is only one port for people from the outside world: port 21 for my ProFTPD1.2.0(pre10) server. Am, after setting up my firewall, I tested the configuration, but nobody can access my server! Where's the problem? (I'm using a dynamic dial-up 56-kbit connection... ipdivert->active, natd->active!)

--- CUT HERE ---
fwcmd="/sbin/ipfw"
$fwcmd -f flush
$fwcmd add divert natd all from any to any via tun0
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via rl0
$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any via tun0 established
#$fwcmd add 65435 allow tcp from any to any 80 setup
#$fwcmd add 65435 allow tcp from any to any 25 setup
$fwcmd add 65435 allow tcp from any to any 21 setup
$fwcmd add reset log tcp from any to any 113 in recv tun0
$fwcmd add allow udp from any to 194.25.2.129 53 out xmit tun0
$fwcmd add allow udp from 194.25.2.129 53 to any in recv tun0
$fwcmd add 65435 allow log icmp from any to any
$fwcmd add 65435 deny log ip from any to any
--- CUT HERE ---

That's my configuration!
It's stored as: /etc/firewall.OpenZERO !!!

thanx....

Daniel Ridder /Germany)